Real 5

I need hint for real 5 ! I read e-mail from s.anderson to billsmith , and I think I got pass for billsmith it`s s**d*r !? Please help !

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 01-07-05 01:43

You've read the e-mail...then, you don't need the password anymore. Also, there are 2 ways of getting the e-mail and the correct way is with cookies. Once you've read the real e-mail, it says, almost exactly, what to do next (where to go).

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 02-07-05 18:30

I`m reading the wrong email lol

From: sanderson@ebussnet.com To: BillSmith@ebussnet.com Name: New DirectoryE****: Hello Sir, I have seen that you made folders for every user and that they can be accessed from the web. But as I have tryed,I couldn't get access to them. Can you please tell me how can I access my files from the web?
Reply: Im Sorry, this options is only for me

is there another email ??

Edited by on 02-07-05 18:32

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 04-07-05 20:38

Yeah, you're reading the wrong e-mail, change your cookies to Bill's username and password, then refresh the main e-mail page. There should be a new e-mail there.

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 04-07-05 21:28

I get email which MEFISTO describe by accessing BillSmith files (it was find by guessing).
Can somebody point me where to look (email folder or ...) to get BillSmith data?

Author

RE: Real 5

ok now iv loggd in as Jdoe and i went to "view folder" and it sed 'You are not allowed to see this folder' so i lookd @ the adres bar and it sed http://www.hellboundhackers.org/challenges/real5/personal.php?user=Jdoe&pass=trebuchet&view=folder so i edited tht 2 http://www.hellboundhackers.org/challenges/real5/personal.php?user=BillSmith&pass=s*i*e*&view=folder and it didnt work so i am wondering how do u beat this then?

RE: Real 5

I know what to do with the user/pass of bill but I only get one message and that doesn't make me smarter or gives me new info on the mission :s

Could a firewall or firefox settings interrupt with the working of the mission???

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 04-09-05 15:13

Could anyone give me a hand pls????

I tried voiding the c***** with tools, javascript, etc.etc. and none of them gave me more then 1 message. And that one message is a convo between anderson and smith, anderson asks on how to access his personal folders.

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 12-09-05 02:25

what did you use to decrypt the css filenames? No decrypter i use ever works

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 12-09-05 14:53

loopguru - Use Cain & Able for that

The_Cell - The information given in the right e-mail will hint at the directory name, just use some logic.

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 26-09-05 05:52

damn i'm stuck, i got the password but there is no cookie to set !!
and i cannot login as BillSmit cuz it gives me an error "wrong password"
any clues ??

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 26-09-05 10:06

Use javascript inject to set username and password (remember Refresh)

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 01-10-05 19:52

hmmm, this is doing my head in now, I have done everything in the brief except for the last step and it seems buggy to me (i kept getting echo'd php source code while browsing folders). I've changed permissions, changed IP, now what?

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 01-10-05 20:08

Now you have to report BillSmith to the right authority using the report form on the sight. You won't be able to see it by looking, you need to find a way to get to it. You could guess the name, or exploit something to show you all of the files.

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 01-10-05 20:16

bah, I stumbled across it now but i get "We could not send you report due to the following reasons"...

lol, keep tryin eh

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 09-11-05 02:41

I found the hash in the source files and tried to use cain to decrypt it. Never found a result. Tried dic and bf attack. Sure you use cain?

aVoid

Author

RE: Real 5

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 09-11-05 03:59

I found the password encrypted 3ff7efd******** , but I can't decrypt it . I tried Cain and also go to milw0rm.com to search it , but there's no result .